
fix: fix sonarQube issues (duplication)

Signed-off-by: Jordan Sauvain <jordan.sauvain@ovhcloud.com>
Jordan Sauvain пре 4 месеци
родитељ
комит
5c5fdda430

+ 7 - 3
providers/v1/ovh/client_get_secret_map.go

@@ -36,7 +36,7 @@ func (cl *ovhClient) GetSecretMap(ctx context.Context, ref esv1.ExternalSecretDa
 	// Retrieve secret from KMS.
 	secretDataBytes, _, err := getSecretWithOvhSDK(ctx, cl.okmsClient, cl.okmsID, ref)
 	if err != nil && !errors.Is(err, esv1.NoSecretErr) {
-		return map[string][]byte{}, fmt.Errorf("%s %q: %w", retrieveSecretError, ref.Key, err)
+		return map[string][]byte{}, wrapRetrieveSecretError(ref.Key, err)
 	} else if err != nil {
 		return map[string][]byte{}, err
 	}
@@ -49,7 +49,7 @@ func (cl *ovhClient) GetSecretMap(ctx context.Context, ref esv1.ExternalSecretDa
 	var rawSecretDataMap map[string]any
 	err = json.Unmarshal(secretDataBytes, &rawSecretDataMap)
 	if err != nil {
-		return map[string][]byte{}, fmt.Errorf("%s %q: %w", retrieveSecretError, ref.Key, err)
+		return map[string][]byte{}, wrapRetrieveSecretError(ref.Key, err)
 	}
 
 	// Convert the map[string]any into map[string][]byte.
@@ -57,9 +57,13 @@ func (cl *ovhClient) GetSecretMap(ctx context.Context, ref esv1.ExternalSecretDa
 	for key := range rawSecretDataMap {
 		secretDataMap[key], err = esutils.GetByteValueFromMap(rawSecretDataMap, key)
 		if err != nil {
-			return map[string][]byte{}, fmt.Errorf("%s %q: %w", retrieveSecretError, ref.Key, err)
+			return map[string][]byte{}, wrapRetrieveSecretError(ref.Key, err)
 		}
 	}
 
 	return secretDataMap, nil
 }
+
+func wrapRetrieveSecretError(key string, err error) error {
+	return fmt.Errorf("%s %q: %w", retrieveSecretError, key, err)
+}
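Review bot: `wrapRetrieveSecretError` is added without a doc comment, and its contract is not obvious from the signature. `fmt.Errorf` with `%w` returns a non-nil error even when `err` is nil, so the helper is only correct after an `err != nil` check, as at the three call sites in GetSecretMap (whose body starts outside this hunk). Every retrieval failure now passes through this one function, so it is also the place to record that wrapped errors must not carry secret payload; the `json.Unmarshal` error wrapped in the previous hunk can quote a character of the decoded bytes when it reports a syntax error. Suggested comment: `// wrapRetrieveSecretError prefixes a non-nil err with the retrieve-secret message and the quoted key; err must not contain secret data.`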

+ 14 - 6
providers/v1/ovh/client_push_secret.go

@@ -38,10 +38,10 @@ func (cl *ovhClient) PushSecret(ctx context.Context, secret *corev1.Secret, data
 	remoteKey := data.GetRemoteKey()
 
 	if secret == nil {
-		return fmt.Errorf("%s %q: provided secret is nil", pushSecretError, remoteKey)
+		return newPushSecretValidationError(remoteKey, "provided secret is nil")
 	}
 	if len(secret.Data) == 0 {
-		return fmt.Errorf("%s %q: provided secret is empty", pushSecretError, remoteKey)
+		return newPushSecretValidationError(remoteKey, "provided secret is empty")
 	}
 
 	// Check if the secret already exists.
@@ -51,20 +51,20 @@ func (cl *ovhClient) PushSecret(ctx context.Context, secret *corev1.Secret, data
 	})
 	noSecretErr := errors.Is(err, esv1.NoSecretErr)
 	if err != nil && !noSecretErr {
-		return fmt.Errorf("%s %q: %w", pushSecretError, remoteKey, err)
+		return wrapPushSecretError(remoteKey, err)
 	}
 	secretExists := !noSecretErr
 
 	// Build the secret to be pushed.
 	secretToPush, err := buildSecretToPush(secret, data)
 	if err != nil {
-		return fmt.Errorf("%s %q: %w", pushSecretError, remoteKey, err)
+		return wrapPushSecretError(remoteKey, err)
 	}
 
 	// Compare the data of secretToPush with that of remoteSecret.
 	equal, err := compareSecretsData(secretToPush, remoteSecret)
 	if err != nil {
-		return fmt.Errorf("%s %q: %w", pushSecretError, remoteKey, err)
+		return wrapPushSecretError(remoteKey, err)
 	}
 	if equal {
 		return nil
@@ -78,11 +78,19 @@ func (cl *ovhClient) PushSecret(ctx context.Context, secret *corev1.Secret, data
 	// Push the secret.
 	err = pushNewSecret(ctx, cl.okmsClient, cl.okmsID, secretToPush, remoteKey, currentVersion, secretExists)
 	if err != nil {
-		return fmt.Errorf("%s %q: %w", pushSecretError, remoteKey, err)
+		return wrapPushSecretError(remoteKey, err)
 	}
 	return nil
 }
 
+func wrapPushSecretError(remoteKey string, err error) error {
+	return fmt.Errorf("%s %q: %w", pushSecretError, remoteKey, err)
+}
+
+func newPushSecretValidationError(remoteKey, msg string) error {
+	return fmt.Errorf("%s %q: %s", pushSecretError, remoteKey, msg)
+}
+
 // Compare the secret to push with the remote secret.
 // If they are equal, do not push the secret.
 func compareSecretsData(secretToPush map[string]any, remoteSecret []byte) (bool, error) {
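Review bot: `wrapPushSecretError` has the same body as `wrapRetrieveSecretError` in client_get_secret_map.go apart from the prefix constant, so the duplication this commit targets is moved into two helpers rather than removed. Both files sit under providers/v1/ovh and presumably share a package, in which case one helper taking the prefix would cover both: `func wrapSecretError(prefix, key string, err error) error { return fmt.Errorf("%s %q: %w", prefix, key, err) }`. Neither new helper has a doc comment; one line each stating that `err` must be non-nil would be enough. compareSecretsData continues past the end of this hunk.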

+ 15 - 11
providers/v1/ovh/provider.go

@@ -37,6 +37,14 @@ import (
 	"github.com/external-secrets/external-secrets/runtime/esutils/resolvers"
 )
 
+const (
+	emptyTokenSecretRef    = "ovh store auth.token.tokenSecretRef cannot be empty"
+	emptyKeySecretRef      = "ovh store auth.mtls.keySecretRef cannot be empty"
+	emptyCertSecretRef     = "ovh store auth.mtls.certSecretRef cannot be empty"
+	createOvhProviderError = "failed to create new ovh provider client"
+	createOkmsClientError  = "failed to create new okms client"
+)
+
 // Provider implements the ESO Provider interface for OVHcloud.
 type Provider struct {
 	secretKeyResolver SecretKeyResolver
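Review bot: The three `empty…SecretRef` messages are hoisted as string constants, so each `errors.New(emptyTokenSecretRef)` in the later hunks still builds a fresh error value that callers cannot match with `errors.Is`. Declaring them as sentinels would remove the repeated `errors.New` calls and make the conditions testable, for example `var errEmptyTokenSecretRef = errors.New("ovh store auth.token.tokenSecretRef cannot be empty")` returned directly. `createOvhProviderError` is only used as a format prefix in the visible hunks, so it can stay a string. The new const block also has no comment saying these are user-facing error texts.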
@@ -89,14 +97,14 @@ func (p *Provider) NewClient(ctx context.Context, store esv1.GenericStore, kube
 	}
 
 	if kube == nil {
-		return nil, errors.New("failed to create new ovh provider client: controller-runtime client is nil")
+		return nil, fmt.Errorf("%s: controller-runtime client is nil", createOvhProviderError)
 	}
 
 	ovhStore := store.GetSpec().Provider.Ovh
 	// ovhClient configuration.
 	okmsID, err := uuid.Parse(ovhStore.OkmsID)
 	if err != nil {
-		return nil, fmt.Errorf("failed to create new ovh provider client: %w", err)
+		return nil, fmt.Errorf("%s: %w", createOvhProviderError, err)
 	}
 
 	cas := false
@@ -129,7 +137,7 @@ func (p *Provider) NewClient(ctx context.Context, store esv1.GenericStore, kube
 			ovhStore.Server, ovhStore.Auth.ClientMTLS)
 	}
 	if err != nil {
-		return nil, fmt.Errorf("failed to create new ovh provider client: %w", err)
+		return nil, fmt.Errorf("%s: %w", createOvhProviderError, err)
 	}
 	return cl, nil
 }
@@ -151,7 +159,7 @@ func configureHTTPTokenClient(ctx context.Context, p *Provider, cl *ovhClient, s
 		return err
 	}
 	if cl.okmsClient == nil {
-		return errors.New("failed to get new okms client")
+		return errors.New(createOkmsClientError)
 	}
 
 	// Add a custom header.
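Review bot: The replacement `return errors.New(createOkmsClientError)` changes the error text, not just where it is defined. The removed literal was "failed to get new okms client", while the constant added at the top of provider.go reads "failed to create new okms client". The same substitution is made in the configureHTTPMTLSClient hunk that follows. For a commit described as a duplication fix, the old wording should be kept so that tests or log searches matching it keep working: `createOkmsClientError = "failed to get new okms client"`. If the rewording is intended, it should be mentioned in the commit message. configureHTTPTokenClient starts and ends outside this hunk.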
@@ -185,7 +193,7 @@ func configureHTTPMTLSClient(ctx context.Context, p *Provider, cl *ovhClient, se
 		return err
 	}
 	if cl.okmsClient == nil {
-		return errors.New("failed to get new okms client")
+		return errors.New(createOkmsClientError)
 	}
 
 	return err
@@ -196,7 +204,7 @@ func getToken(ctx context.Context, p *Provider, cl *ovhClient, clientToken *esv1
 	// ClienTokenSecret refers to the Kubernetes secret that stores the token.
 	tokenSecretRef := clientToken.ClientTokenSecret
 	if tokenSecretRef == nil {
-		return "", errors.New("ovh store auth.token.tokenSecretRef cannot be empty")
+		return "", errors.New(emptyTokenSecretRef)
 	}
 
 	// Retrieve the token value.
@@ -206,7 +214,7 @@ func getToken(ctx context.Context, p *Provider, cl *ovhClient, clientToken *esv1
 		return "", err
 	}
 	if token == "" {
-		return "", errors.New("ovh store auth.token.tokenSecretRef cannot be empty")
+		return "", errors.New(emptyTokenSecretRef)
 	}
 
 	return token, nil
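Review bot: The `token == ""` branch returns `emptyTokenSecretRef`, the same message as the `tokenSecretRef == nil` branch in the previous hunk, although here the reference was set and it is the resolved value that is empty. Someone diagnosing an authentication failure is pointed at the store spec instead of the referenced Kubernetes secret, and sharing one constant makes the two cases harder to separate later. A second constant would distinguish them, for example `emptyTokenValue = "ovh store auth.token.tokenSecretRef resolved to an empty token"` with `return "", errors.New(emptyTokenValue)`. getToken begins and ends outside this hunk.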
@@ -214,10 +222,6 @@ func getToken(ctx context.Context, p *Provider, cl *ovhClient, clientToken *esv1
 
 // Retrieve the client key and certificate from the Kubernetes secret.
 func getMTLS(ctx context.Context, p *Provider, cl *ovhClient, clientMTLS *esv1.OvhClientMTLS) (tls.Certificate, error) {
-	const (
-		emptyKeySecretRef  = "ovh store auth.mtls.keySecretRef cannot be empty"
-		emptyCertSecretRef = "ovh store auth.mtls.certSecretRef cannot be empty"
-	)
 	// keySecretRef refers to the Kubernetes secret object
 	// containing the client key.
 	keyRef := clientMTLS.ClientKey